Main Vulnerability Database Exploits ID:5787 - Exploit for Permissions, Privileges, and Access Controls in Kronos webTA - CVE-2020-8495

ID:5787 - Exploit for Permissions, Privileges, and Access Controls in Kronos webTA - CVE-2020-8495

Published: June 17, 2021

Vulnerability identifier: #VU24797

Vulnerability risk: Medium

CVE-ID: CVE-2020-8495

CWE-ID: CWE-264

Exploitation vector: Remote access

Vulnerable software:
Kronos webTA

Link to public exploit:

https://www.exploit-db.com/exploits/48001/

Vulnerability description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists within the "delegate", "delegateRole" and "delegatorUserId" parameters due to the “com.threeis.webta.H491delegate” servlet allows a remote attacker with Timekeeper or Supervisor privileges to gain unauthorized administrative privileges within the application.

This vulnerability affects the following versions of Kronos Web Time and Attendance:

3.8.x and later

Remediation

Install updates from vendor's website.

ID:5787 - Exploit for Permissions, Privileges, and Access Controls in Kronos webTA - CVE-2020-8495

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human